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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- tf the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 21 March 2003 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-21 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 185(a). 

11) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

1 3) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

a)QAII b)Q Some*c)n None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

1 4) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 1 9(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

1 5) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 1 20 and/or 121. 
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2) CI Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) Q Notice of Informal Patent Application (PTO-152) 
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DETAILED ACTION 



This office action is in response to amendments filed March 21 , 2003. Claims 1-21 are 
presented for further examination. 



1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 



2. Claim 1 is rejected under U.S.C. 102(b) as being anticipated by Hu. 

As per claim 1 , Hu discloses a method of enabling a client terminal user to access 
target resources managed by a set of resource managers within an enterprise 
computing environment, comprising: 

• Authenticating the user to establish a user primary identity (column 1 , lines 52-55, 
column 2, lines 3-5, 30-35, 42-45, column 4, lines 23-28); 

• Mapping the user primary identity to a set of user secondary identities (column 2, 
lines 1-17, 20-25, 42-47, column 4, lines 44-55, column 5, lines 30-35, 60-67, 
column 6, lines 1-11, 17-30); 

• Authenticating the user to the resource managers using the set of user secondary 
identities (column 2, lines 1-17, 20-25, 42-47, column 4, lines 44-55, column 5, lines 
30-35, 60-67, column 6, lines 1-11, 17-30); 



Claim Rejections - 35 USC § 102 
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• Following authentication using the set of user secondary identities, forwarding 
resource requests to the resource managers (column 3, lines 63-65, column 4, lines 
53-55, column 6, lines 31-35); 

• Returning replies received from the resource managers back to the user (column 4 
lines 14-17, 55-58, column 6, lines 35-39). 

As per claim 2, Hu discloses: 

• The user primary identity is mapped to the set of user secondary identities by a sign- 
on service (column 2, lines 1-17, 20-25, 42-47, column 4, lines 44-55, column 5, 
lines 30-35, 60-67, column 6, lines 1-11, 17-30). 

As per claim 3, Hu discloses: 

• Authenticating the step of authenticating a trusted server to the sign-on service prior 
to mapping the user primary identity to the set of user secondary identities (column 
1, lines 52-55, column 2, lines 3-5, 30-35, 42^5, column 4, lines 23-28). 

As per claim 4, Hu discloses: 

• The trusted server is authenticated to the sign-on service before the step of 
authenticating the user to establish the user primary identity (column 1, lines 52-55, 
column 2, lines 3-5, 30-35, 42-45, column 4, lines 23-28). 
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As per claim 5, Hu discloses: 

• Trusted server is authenticated to the sign-on service after the step of authenticating 
the user to establish the user primary identity (column 1 , lines 52-55, column 2, lines 
3-5, 30-35, 42-45, column 4, lines 23-28) 

As per claim 6, Hu discloses: 

• The user is authenticated to establish the user primary identity using an 
authentication service associated with the trusted server (column 1, lines 52-55, 
column 2, lines 3-5, 30-35, 42-45, column 4, lines 23-28) 
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As per claim 8, Hu discloses: 

• The client terminal user accesses the enterprise computing environment over the 
Internet (column 7, lines 40-45). 

As per claim 9, Hu discloses: 

• The user is authenticated to a given resource manager using an authentication 
service associated with the given resource manager (column 2, lines 1-17, 20-25, 
42-47, column 4, lines 44-55, column 5, lines 30-35, 60-67, column 6, lines 1-11, 17- 
30). 

As per claim 10, Hu discloses a method for enabling a client terminal user to access 
target resources managed by a set of resource managers operative within an enterprise 
computing environment, wherein the environment has an associated sign-on service, 
comprising: 

• Responsive to a request received from a user of the client terminal, authenticating 
the user to establish a user primary identity (column 1 , lines 52-55, column 2, lines 
3-5, 30-35, 42-45, column 4, lines 23-28); 

• Using the user primary identity, accessing the sign-on service to retrieve a set of 
stored user authentication information, wherein the stored user authentication 
information comprises a set of user secondary identities (column 2, lines 1-17, 20- 
25, 42-47, column 4, lines 44-55, column 5, lines 30-35, 60-67, column 6, lines 1-11, 
17-30); 
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• Performing a sign-on to the set of resource managers using the retrieved set of user 
secondary identities (column 2, lines 1-17, 20-25, 42-47, column 4, lines 44-55, 
column 5, lines 30-35, 60-67, column 6, lines 1-11, 17-30); 

• Forwarding the request to a given resource manager (column 3, lines 63-65, column 
4, lines 53-55, column 6, lines 31-35); 

• Forwarding a reply received from the given resource manager back to the user 
(column 4 lines 14-17, 55-58, column 6, lines 35-39). 

As per claim 1 1 , Hu discloses a method for enabling a client terminal user to access 
target resources managed by a set of resource managers operative within an enterprise 
computing environment, wherein the environment has an associated sign-on service, 
comprising: 

• Having the client terminal user perform primary logon to an intermediary server to 
establish a user primary identity (column 1, lines 52-55, column 2, lines 3-5, 30-35, 
42-45, column 4, lines 23-28); 

• Having the intermediary server pass the user's primary identity to the sign-on service 
and in response, obtaining a set of user secondary identities that may be used in 
enabling the intermediary server to represent the client terminal user to the resource 
managers (column 2, lines 1-17, 20-25, 42-47, column 4, lines 44-55, column 5, 
lines 30-35, 60-67, column 6, lines 1-11, 17-30); 
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• Having the intermediary server perform a secondary logon to a first resource 
manager using a first user secondary identity (column 2, lines 1-17, 20-25, 42-47, 
column 4, lines 44-55, column 5, lines 30-35, 60-67, column 6, lines 1-11, 17-30); 

• Having the intermediary server perform a secondary logon to a second resource 
manager using a second user secondary identity (column 2, lines 1-17, 20-25, 42- 
47, column 4, lines 44-55, column 5, lines 30-35, 60-67, column 6, lines 1-11, 17- 
30); 

• Having the intermediary server perform resource requests at the first and second 
resource managers under the respective secondary identities (column 3, lines 63-65, 
column 4, lines 53-55, column 6, lines 31-35); 

• Forwarding responses back to the client terminal user (column 4 lines 14-17, 55-58, 
column 6, lines 35-39), 

As per claim 12, Hu discloses in an enterprise computing environment having a set 
of resource managers and a sign-on service, the enterprise computing environment 
comprising: 

• Means for authenticating a user to establish a user primary account associated with 
a user primary identity (column 1, lines 52-55, column 2, lines 3-5, 30-35, 42-45, 
column 4, lines 23-28); 

• Means for cooperating with the sign-on service to map the user primary account to a 
set of user secondary accounts associated with a set of user secondary identities 
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(column 2, lines 1-17, 20-25, 42-47, column 4 t lines 44-55, column 5, lines 30-35, 
60-67, column 6, lines 1-11, 17-30); 

• Means for logging onto the set of resource managers using the user secondary 
accounts (column 3, lines 63-65, column 4, lines 53-55, column 6, lines 31-35); 

• Means for passing resource requests from the user to the resource managers under 
the user secondary accounts (column 3, lines 63-65, column 4, lines 53-55, column 
6, lines 31-35). 

As per claim 13, Hu discloses: 

• The server passes replies to the resource requests back to the user (column 4 lines 
14-17, 55-58, column 6, lines 35-39). 

As per claims 14 and 21, Hu discloses in an enterprise computing environment 
having a set of resource managers and a sign-on service, comprising: 

• Means for authenticating a user to establish a user primary account associated with 
a user primary identity (column 1, lines 52-55, column 2, lines 3-5, 30-35, 42-45, 
column 4, lines 23-28); 

• Means for authenticating the server to the sign-on service, wherein the set of user 
secondary accounts is associated with a set of user secondary identities (column 1 , 
lines 52-55, column 2, lines 3-5, 30-35, 42-45, column 4, lines 23-28); 
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• Means for passing resource requests and associated replies between the user and 
the resource managers (column 3, lines 63-65, column 4, lines 53-55, column 6, 
lines 31-35). 

As per claim 15, Hu discloses: 

• Means for load balancing resource requests passed to a set of instances of a given 
resource manager (column 3, lines 63-65, column 4, lines 53-55, column 6, lines 31- 
35). 

As per claim 16, Hu discloses a system comprising: 

• A set of resource managers (column 4, lines 44-55, column 5, lines 30-35, 60-67, 
column 6, lines 1-11, 17-30); 

• A sign-on service (column 1, lines 52-55, column 2, lines 3-5, 30-35, 42-45, column 
4, lines 23-28); 

• A server comprising means for authenticating a user to establish a user primary 
accounts associated with primary user identities, means for logging a given user 
onto the set of resource managers using the user secondary accounts for the given 
user retrieved from the sign on service, wherein a set of user secondary accounts for 
a given user is associated with a set of user secondary identities for a given user, 
and means for passing resource requests and associated replies between the given 
user and the resource managers (column 2, lines 1-17, 20-25, 42-47, column 3, lines 
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63-65, column 4, lines 44-55, column 5, lines 30-35, 60-67, column 6, lines 1-11,17- 



As per claim 17, Hu discloses: 

• At least one resource manager comprises a set of instances (column 4, lines 44-55, 
column 5, lines 30-35, 60-67, column 6, lines 1-11, 17-30). 

As per claim 19, Hu discloses: 

• The server comprises a set of instances (column 4, lines 44-55, column 5, lines 30- 
35, 60-67, column 6, lines 1-11, 17-30). 

As per claim 20, Hu discloses: 

• A manager that manages the set of server instances (column 4, lines 44-55, column 
5, lines 30-35, 60-67, column 6, lines 1-11, 17-30). 



3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



35). 
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4. Claims 7, 15, and 18 are rejected under 35 U.S.C. 103(a) as being unpatenable 
over Hu in view of Brendel et al. (hereinafter "Brendel", 5,774,660). 

As per claims 7, 15, and 18, Hu does not explicitly disclose load balancing resource 
requests across a set of instances of a given resource manager. However, in an 
analogous art, Brendel discloses load balancing performed among nodes that have the 
requested resource (column 22, lines 65-67). 

Therefore, one of ordinary skill in the art at the time the invention was made would 
have found it obvious to implement or incorporate load balancing in Hu's method in 
order to avoid bottleneck and single point of failure and increase the efficiency of the 
system. 

Response to Arguments 
The Office notes the following arguments: 

(a) Grantges does not disclose a plurality of user identities, such as a primary user 
identity and a set of secondary user identities as disclosed and claimed in the present 
patent application. 

(b) Grantges does not disclose the claimed mapping of a primary user identity to a 
set of secondary identities. 
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(c) Independent claims 10, 12 t 14, 16, and 21 have been amended to distinguish it 
from Grantges and are patentable. 

(d) All dependent claims are patentable because there are features in the 
independent claims that are not disclosed by Grantges. 

In response to: 

5. (a)-(d) Applicant's arguments have been considered but are moot in view of the 
new ground(s) of rejection. 



6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
U.S. Patent No. 5,586,260 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Barbara N Burgess whose telephone number is (703) 
305-3366. The examiner can normally be reached on M-F (8:00am-4:00pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Ettinene can be reached on (703) 308-7562. The fax phone numbers 
for the organization where this application or proceeding is assigned are (703) 746-7239 
for regular communications and (703) 746-7240 for After Final communications. 



Conclusion 
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Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 



Barbara N Burgess 

Examiner 

Art Unit 21 57 



June 2, 2003 



SALEH Najjar 
PRIMARY EXAMINER 



